@onekeyfe/hardware-cli 1.1.26-alpha.106 → 1.1.26-alpha.4

package/dist/session.js

@@ -0,0 +1,83 @@
+"use strict";
+/**
+ * Passphrase session management for hd-cli.
+ *
+ * Aligns with app-monorepo's CLI pattern:
+ *   Login:   getPassphraseState → passphraseState + sessionId → keychain
+ *   Command: keychain → preloadSessionCache → SDK call (no passphrase prompt)
+ *   Stale:   error 112 → clear keychain → re-prompt → retry
+ *   Logout:  keychain delete
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.clearSessionFromKeychain = exports.saveSessionToKeychain = exports.preloadSessionFromKeychain = void 0;
+const hd_core_1 = require("@onekeyfe/hd-core");
+const storage_1 = require("./storage");
+// Keychain key format: scoped by deviceId for multi-device support
+function psKey(deviceId) {
+    return `onekey-hw:${deviceId}/passphrase-state`;
+}
+function sidKey(deviceId) {
+    return `onekey-hw:${deviceId}/session-id`;
+}
+let storageInstance = null;
+function getStorage() {
+    if (!storageInstance) {
+        storageInstance = (0, storage_1.createSecureStorage)();
+    }
+    return storageInstance;
+}
+/**
+ * Load passphraseState + sessionId from keychain and call preloadSessionCache.
+ * Non-fatal: returns the loaded passphraseState or undefined.
+ */
+async function preloadSessionFromKeychain(deviceId) {
+    try {
+        const storage = getStorage();
+        const [psBuf, sidBuf] = await Promise.all([
+            storage.get(psKey(deviceId)),
+            storage.get(sidKey(deviceId)),
+        ]);
+        if (psBuf && sidBuf) {
+            const passphraseState = psBuf.toString('utf-8');
+            const sessionId = sidBuf.toString('utf-8');
+            (0, hd_core_1.preloadSessionCache)(deviceId, passphraseState, sessionId);
+            return passphraseState;
+        }
+    }
+    catch {
+        // Non-fatal — fall through to passphrase prompt
+    }
+    return undefined;
+}
+exports.preloadSessionFromKeychain = preloadSessionFromKeychain;
+/**
+ * Save passphraseState + sessionId to keychain for next CLI invocation.
+ */
+async function saveSessionToKeychain(deviceId, passphraseState, sessionId) {
+    try {
+        const storage = getStorage();
+        await Promise.all([
+            storage.set(psKey(deviceId), Buffer.from(passphraseState, 'utf-8')),
+            storage.set(sidKey(deviceId), Buffer.from(sessionId, 'utf-8')),
+        ]);
+    }
+    catch {
+        // Non-fatal — session still works in-memory for this invocation
+    }
+}
+exports.saveSessionToKeychain = saveSessionToKeychain;
+/**
+ * Clear cached session from keychain.
+ */
+async function clearSessionFromKeychain(deviceId) {
+    try {
+        const storage = getStorage();
+        if (deviceId) {
+            await Promise.allSettled([storage.delete(psKey(deviceId)), storage.delete(sidKey(deviceId))]);
+        }
+    }
+    catch {
+        // Non-fatal
+    }
+}
+exports.clearSessionFromKeychain = clearSessionFromKeychain;

package/dist/storage/index.d.ts

@@ -0,0 +1,2 @@
+export { createSecureStorage } from './storage-factory';
+export type { ISecureStorage, SecureStorageBackend } from './types';

package/dist/storage/index.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createSecureStorage = void 0;
+var storage_factory_1 = require("./storage-factory");
+Object.defineProperty(exports, "createSecureStorage", { enumerable: true, get: function () { return storage_factory_1.createSecureStorage; } });

package/dist/storage/process-utils.d.ts

@@ -0,0 +1,2 @@
+import type { IProcessRunner } from './types';
+export declare const defaultProcessRunner: IProcessRunner;

package/dist/storage/process-utils.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.defaultProcessRunner = void 0;
+const node_child_process_1 = require("node:child_process");
+exports.defaultProcessRunner = {
+    execFileAsync(cmd, args) {
+        return new Promise((resolve, reject) => {
+            (0, node_child_process_1.execFile)(cmd, args, (error, stdout, stderr) => {
+                if (error) {
+                    error.stderr = stderr;
+                    reject(error);
+                    return;
+                }
+                resolve({ stdout, stderr });
+            });
+        });
+    },
+    spawnWithStdin(cmd, args, input) {
+        return new Promise((resolve, reject) => {
+            const child = (0, node_child_process_1.spawn)(cmd, args, { stdio: ['pipe', 'pipe', 'pipe'] });
+            let stdout = '';
+            let stderr = '';
+            child.stdout.on('data', (data) => {
+                stdout += data.toString();
+            });
+            child.stderr.on('data', (data) => {
+                stderr += data.toString();
+            });
+            child.on('error', reject);
+            child.on('close', code => {
+                if (code !== 0) {
+                    const error = new Error(`Process exited with code ${code}`);
+                    error.code = code ?? 1;
+                    error.stderr = stderr;
+                    reject(error);
+                    return;
+                }
+                resolve({ stdout, stderr });
+            });
+            child.stdin.write(`${input}\n`);
+            child.stdin.end();
+        });
+    },
+};

package/dist/storage/secure-storage.linux.d.ts

@@ -0,0 +1,11 @@
+/// <reference types="node" />
+import type { IProcessRunner, ISecureStorage, SecureStorageBackend } from './types';
+export declare class LinuxSecureStorage implements ISecureStorage {
+    private readonly runner;
+    constructor(runner?: IProcessRunner);
+    getBackendType(): SecureStorageBackend;
+    set(key: string, value: Buffer): Promise<void>;
+    get(key: string): Promise<Buffer | null>;
+    delete(key: string): Promise<void>;
+    private isItemNotFound;
+}

package/dist/storage/secure-storage.linux.js

@@ -0,0 +1,59 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LinuxSecureStorage = void 0;
+const process_utils_1 = require("./process-utils");
+const SERVICE_NAME = 'onekey-hw-cli';
+const SECRET_LABEL = 'OneKey HW CLI Secret';
+class LinuxSecureStorage {
+    constructor(runner = process_utils_1.defaultProcessRunner) {
+        this.runner = runner;
+    }
+    getBackendType() {
+        return 'linux-secret-service';
+    }
+    async set(key, value) {
+        await this.runner.spawnWithStdin('secret-tool', ['store', '--label', SECRET_LABEL, 'service', SERVICE_NAME, 'account', key], value.toString('hex'));
+    }
+    async get(key) {
+        try {
+            const { stdout } = await this.runner.execFileAsync('secret-tool', [
+                'lookup',
+                'service',
+                SERVICE_NAME,
+                'account',
+                key,
+            ]);
+            const hex = stdout.trim();
+            return hex ? Buffer.from(hex, 'hex') : null;
+        }
+        catch (error) {
+            if (this.isItemNotFound(error))
+                return null;
+            throw error;
+        }
+    }
+    async delete(key) {
+        try {
+            await this.runner.execFileAsync('secret-tool', [
+                'clear',
+                'service',
+                SERVICE_NAME,
+                'account',
+                key,
+            ]);
+        }
+        catch (error) {
+            if (this.isItemNotFound(error))
+                return;
+            throw error;
+        }
+    }
+    isItemNotFound(error) {
+        const err = error;
+        const stderr = err.stderr ?? err.message ?? '';
+        return (stderr.includes('No such secret item') ||
+            stderr.includes('Object does not exist') ||
+            stderr.includes('could not find'));
+    }
+}
+exports.LinuxSecureStorage = LinuxSecureStorage;

package/dist/storage/secure-storage.macos.d.ts

@@ -0,0 +1,11 @@
+/// <reference types="node" />
+import type { IProcessRunner, ISecureStorage, SecureStorageBackend } from './types';
+export declare class MacOSSecureStorage implements ISecureStorage {
+    private readonly runner;
+    constructor(runner?: IProcessRunner);
+    getBackendType(): SecureStorageBackend;
+    set(key: string, value: Buffer): Promise<void>;
+    get(key: string): Promise<Buffer | null>;
+    delete(key: string): Promise<void>;
+    private isItemNotFound;
+}

package/dist/storage/secure-storage.macos.js

@@ -0,0 +1,65 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MacOSSecureStorage = void 0;
+const process_utils_1 = require("./process-utils");
+const SERVICE_NAME = 'onekey-hw-cli';
+class MacOSSecureStorage {
+    constructor(runner = process_utils_1.defaultProcessRunner) {
+        this.runner = runner;
+    }
+    getBackendType() {
+        return 'macos-keychain';
+    }
+    async set(key, value) {
+        const hex = value.toString('hex');
+        // Use `security -i` (interactive/batch mode): the tool parses commands
+        // from stdin internally instead of re-spawning a sub-process per command,
+        // so the password argument never appears in /proc or `ps aux` output.
+        //
+        // Keys are of the form `onekey-hw:<deviceId>/<slot>` and hex values only
+        // contain 0-9a-f, so neither contains shell metacharacters that would
+        // break the simple quoting security's parser expects.
+        const cmd = `add-generic-password -s "${SERVICE_NAME}" -a "${key}" -w "${hex}" -U`;
+        await this.runner.spawnWithStdin('security', ['-i'], cmd);
+    }
+    async get(key) {
+        try {
+            const { stdout } = await this.runner.execFileAsync('security', [
+                'find-generic-password',
+                '-s',
+                SERVICE_NAME,
+                '-a',
+                key,
+                '-w',
+            ]);
+            const hex = stdout.trim();
+            return hex ? Buffer.from(hex, 'hex') : null;
+        }
+        catch (error) {
+            if (this.isItemNotFound(error))
+                return null;
+            throw error;
+        }
+    }
+    async delete(key) {
+        try {
+            await this.runner.execFileAsync('security', [
+                'delete-generic-password',
+                '-s',
+                SERVICE_NAME,
+                '-a',
+                key,
+            ]);
+        }
+        catch (error) {
+            if (this.isItemNotFound(error))
+                return;
+            throw error;
+        }
+    }
+    isItemNotFound(error) {
+        const err = error;
+        return err.code === 44 || err.stderr?.includes('could not be found') === true;
+    }
+}
+exports.MacOSSecureStorage = MacOSSecureStorage;

package/dist/storage/storage-factory.d.ts

@@ -0,0 +1,3 @@
+/// <reference types="node" />
+import type { ISecureStorage } from './types';
+export declare function createSecureStorage(platform?: NodeJS.Platform): ISecureStorage;

package/dist/storage/storage-factory.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createSecureStorage = void 0;
+const secure_storage_linux_1 = require("./secure-storage.linux");
+const secure_storage_macos_1 = require("./secure-storage.macos");
+function createSecureStorage(platform = process.platform) {
+    if (platform === 'darwin')
+        return new secure_storage_macos_1.MacOSSecureStorage();
+    if (platform === 'linux')
+        return new secure_storage_linux_1.LinuxSecureStorage();
+    throw new Error(`Secure storage is not supported on platform "${platform}". ` +
+        'Use macOS Keychain or Linux Secret Service.');
+}
+exports.createSecureStorage = createSecureStorage;

package/dist/storage/types.d.ts

@@ -0,0 +1,18 @@
+/// <reference types="node" />
+export type SecureStorageBackend = 'macos-keychain' | 'linux-secret-service';
+export interface ISecureStorage {
+    getBackendType(): SecureStorageBackend;
+    get(key: string): Promise<Buffer | null>;
+    set(key: string, value: Buffer): Promise<void>;
+    delete(key: string): Promise<void>;
+}
+export interface IProcessRunner {
+    execFileAsync(cmd: string, args: string[]): Promise<{
+        stdout: string;
+        stderr: string;
+    }>;
+    spawnWithStdin(cmd: string, args: string[], input: string): Promise<{
+        stdout: string;
+        stderr: string;
+    }>;
+}

package/dist/storage/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@onekeyfe/hardware-cli",
-  "version": "1.1.26-alpha.106",
-  "description": "OneKey hardware wallet CLI for AI agent integration",
+  "version": "1.1.26-alpha.4",
+  "description": "OneKey hardware wallet CLI for testing device communication",
   "author": "OneKey",
   "license": "Apache-2.0",
   "homepage": "https://github.com/OneKeyHQ/hardware-js-sdk#readme",
@@ -18,20 +18,22 @@
     "access": "public"
   },
   "scripts": {
-    "dev": "rimraf dist && rollup -c rollup.config.js -w",
-    "build": "rimraf dist && rollup -c rollup.config.js && node -e \"const f='dist/cli.js';const c=require('fs').readFileSync(f,'utf8');require('fs').writeFileSync(f,'#!/usr/bin/env node\\n'+c)\"",
+    "build": "tsc && node -e \"const f='dist/cli.js';const c=require('fs').readFileSync(f,'utf8');if(!c.startsWith('#!'))require('fs').writeFileSync(f,'#!/usr/bin/env node\\n'+c)\"",
+    "prestart": "tsc",
+    "start": "node dist/cli.js",
+    "search": "node dist/cli.js search",
+    "get-features": "node dist/cli.js get-features",
+    "get-address": "node dist/cli.js get-address",
+    "ping": "node dist/cli.js ping",
     "lint": "eslint .",
     "lint:fix": "eslint . --fix"
   },
   "dependencies": {
-    "@onekeyfe/hd-common-connect-sdk": "1.1.26-alpha.106",
-    "@onekeyfe/hd-core": "1.1.26-alpha.106",
-    "@onekeyfe/hd-shared": "1.1.26-alpha.106",
-    "@onekeyfe/hd-transport-usb": "1.1.26-alpha.106",
-    "commander": "^12.0.0",
-    "eventemitter2": "^6.4.9",
-    "lodash": "^4.17.21",
-    "tslib": "^2.6.0"
+    "@onekeyfe/hd-common-connect-sdk": "1.1.26-alpha.4",
+    "@onekeyfe/hd-core": "1.1.26-alpha.4",
+    "@onekeyfe/hd-shared": "1.1.26-alpha.4",
+    "@onekeyfe/hd-transport-usb": "1.1.26-alpha.4",
+    "commander": "^12.0.0"
   },
-  "gitHead": "545b9e1a312bbdd6878ed347a9986603762a41dc"
+  "gitHead": "c03e3a11a9871dc22b711589ad4962399381c92e"
 }